
Malware, Hacking, and Breaches: How Opportunists Are Targeting Businesses During COVID-19

A primer on malware categories — spyware, ransomware, viruses, worms — plus a tour of the COVID-era attacks that exploited the pivot to remote work.

By Madeleine Avni
  • Cybersecurity
  • Malware
  • Phishing

Let’s get straight to the point: the current pandemic has been hard on businesses nationwide. Between adjusting to working from home, learning to market and sell exclusively online, and making sure all your employees are safe, it’s easy to let some things fall through the cracks, including cybersecurity. In this article, UOTech.co will take you through the ramifications of lowering your cybersecurity defenses, as well as notable instances of security breaches observed in networks of all sizes and calibers since the beginning of quarantine.

What Is Malware?

Malware is defined as any software designed to damage, disrupt, or infiltrate a device or network. Many types of programs fall under this umbrella, notably spyware, ransomware, traditional viruses, and worms.

Malware is an all-encompassing term that includes many forms of intentionally malicious software. The word was coined in 1990 by the late Israeli professor Yisrael Radai as a blend of “malicious” and “software.”

Spyware is a class of programs designed to spy on infected devices. Features can include keyloggers (which record every keystroke entered by a user), Internet activity monitors, and collectors for stored user logins and passwords. Some spyware can also change the settings of the infected computer, redirect browser activity to malicious websites, and download software without a user’s consent.

Ransomware is designed to lock the data on an infected device so that users can’t access their files. This locking is usually accompanied by a demand for ransom payments in cryptocurrency. Even if a ransom is paid, it is not uncommon for files to remain locked, and for the program to swiftly spread to other devices. Petya and WannaCry are well-known examples.

Traditional viruses write themselves into programs already present on a computer (referred to as “hosts”), infecting the host program and giving the virus an opportunity to spread. Once inside, a virus can modify other software on the computer, allowing it to corrupt data, steal personal information, send spam, and display threatening messages on the screen.

Worms are standalone chunks of code that can self-replicate without a host program, allowing them to spread through networks incredibly quickly. They can be passed along through all manner of Internet activity, including infected websites, emails, shared files, and even your own servers if they’re not properly protected. Worms often carry a different piece of malware as a “payload.”

There are other types of malware as well, including adware, malvertising, Trojan horses, and hybrids of more than one category. Low cybersecurity standards can leave your business open to any of these.

Scattered Canary Scam

The CARES Act, put in place in response to the pandemic, includes multiple types of payouts: $1,200 stimulus checks, unemployment wages, and the extra $600 per week being given to those laid off. As soon as the act was instated, the U.S. government was hit with a titanic wave of claims. Mixed in with these legitimate claims, however, were thousands of false ones from Nigerian scam ring Scattered Canary. They made off with a sum estimated to be multiple millions of dollars before being detected.

Long before the pandemic began, Scattered Canary was operating a “business email compromise” ring, using phishing and email-borne malware to obtain the identities and login credentials of innumerable business people. Combined with data stolen in unrelated breaches of bank records, the ring had more than enough personal information to file fraudulent claims. The state of Washington was hit hardest by the wave of claims, even though it had just been given a $44 million cybersecurity upgrade.

MS Excel Phishing

On May 18, Microsoft Security Intelligence used Twitter to warn customers of a new phishing scam executed through Microsoft Excel. The scheme began with the sending of fraudulent emails, claiming to be from the Johns Hopkins Center on the topic of COVID-19. Each email contained an Excel attachment, presented as a graph of coronavirus cases in the U.S. When the attachment was opened, it would ask the user to enable macros, and then use the resultant security permissions to install a Remote Access Terminal (RAT) from NetSupport Manager, a legitimate remote management tool. This program allows remote access into the computer, enabling the perpetrators to take control, and view and steal data.

Microsoft reports that hundreds of unique macro programs were found in the emails it analyzed, each obfuscated as much as possible by the formatting of the macro itself. However, when analyzed more closely, every macro led back to the same URL, which would then install the RAT. The script installed also had the capability to connect to certain servers and potentially access Windows PowerShell.

Data Breaches Galore

Data breaches are more common than one might think, even among major corporations. Since the beginning of the year, there have been innumerable breaches of customer data among online shops and services. In April, a research team named Cyble discovered half a million Zoom account logins, which had been illegitimately taken in a data breach, for sale on the dark web. Not more than a week later, the same team found the identities of 267 million Facebook users listed on the dark web for the sum of $540. Most worryingly, Carnival Corp. disclosed a breach of customer data including full names, SSNs, passport numbers, government ID numbers, and credit card details in March of this year.

Even before quarantine began, retail websites and storefronts had already fallen victim to hacking multiple times this year. In January, Hanna Andersson, a popular children’s clothing brand, suffered a data breach exposing the card numbers, CVVs, expiration dates, and personal information of an unknown number of online customers. Near-simultaneously, 63 restaurants belonging to Landry’s Inc. experienced a hack of their point-of-sale systems.

Most of these attacks were carried out through “credential stuffing,” a process where hackers take data that has been released in a prior breach and try using it to log into other websites. Credential stuffing cases can be hard to detect, but a good cybersecurity system can track the orders that result in fraud and blacklist their IP addresses.
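One way to implement the kind of credential-stuffing detection the paragraph describes, as an added example that is not from the original article or from UOTech.co: the log format, IP addresses, account names and thresholds are all constructed for illustration. The heuristic is that a single source failing against many distinct accounts in a short window is the stuffing signature, which separates it from brute force against one account.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of web-app login events (not real data). 203.0.113.7 walks
# through many accounts in seconds; 198.51.100.3 hammers one account; 192.0.2.9 mistyped once.
SAMPLE_LOG = """\
2020-06-01T10:00:01 login FAIL user=alice@example.com ip=203.0.113.7
2020-06-01T10:00:02 login FAIL user=bob@example.com ip=203.0.113.7
2020-06-01T10:00:02 login FAIL user=carol@example.com ip=203.0.113.7
2020-06-01T10:00:03 login OK user=dave@example.com ip=203.0.113.7
2020-06-01T10:00:04 login FAIL user=erin@example.com ip=203.0.113.7
2020-06-01T10:00:05 login FAIL user=frank@example.com ip=203.0.113.7
2020-06-01T10:00:10 login FAIL user=heidi@example.com ip=198.51.100.3
2020-06-01T10:00:20 login FAIL user=heidi@example.com ip=198.51.100.3
2020-06-01T10:00:31 login FAIL user=heidi@example.com ip=198.51.100.3
2020-06-01T10:00:40 login FAIL user=heidi@example.com ip=198.51.100.3
2020-06-01T10:00:50 login FAIL user=heidi@example.com ip=198.51.100.3
2020-06-01T10:05:00 login FAIL user=ivan@example.com ip=192.0.2.9
"""
LINE_RE = re.compile(r"^(\S+) login (OK|FAIL) user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Yield (timestamp, result, user, ip); lines that do not match the format are skipped."""
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        yield datetime.fromisoformat(m[1]), m[2], m[3], m[4]

def detect_stuffing(log_text, window_s=60, min_failures=5, min_accounts=4):
    """Flag source IPs whose failures within any window_s-second span touch at least
    min_accounts distinct accounts (and min_failures total). Returns {ip: {"tried": [...],
    "succeeded": [...]}}; "succeeded" lists accounts that logged in from that source."""
    events = defaultdict(list)
    for ev in parse(log_text): events[ev[3]].append(ev)
    flagged = {}
    for ip, evs in events.items():
        fails = sorted((ts, user) for ts, res, user, _ in evs if res == "FAIL")
        ok = {user for _, res, user, _ in evs if res == "OK"}  # likely compromised accounts
        start = 0
        for end in range(len(fails)):
            while (fails[end][0] - fails[start][0]).total_seconds() > window_s:
                start += 1  # shrink the sliding window from the left
            users = {u for _, u in fails[start:end + 1]}
            if end - start + 1 >= min_failures and len(users) >= min_accounts:
                flagged[ip] = {"tried": sorted(users), "succeeded": sorted(ok)}
                break
    return flagged

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {len(info['tried'])} accounts tried, logged in as {info['succeeded']}")
```

Accounts in the "succeeded" list are the ones to force a password reset on, since a valid password from a stuffing source almost certainly came from a prior breach.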

Takeaways

Malware is a scary thing, and can be extremely detrimental to the functioning of your business. Hackers and scammers will never quit trying to make a quick buck, or cause damage for damage’s sake, by creating malware and instigating data breaches. However, good cybersecurity practices can go a long way in preventing attacks on your computers and network. If your business is not adequately protected, looking into hiring an IT and security firm to handle your cybersecurity may be the solution for you.
